Blog

“The Global State of Open Banking and Open Finance” Report – Part 2

4min Read · 11 Mar 2025
open finance report

This article is based on the University of Cambridge Report “The Global State of Open Banking and Open Finance” and is part of our series that aims at demystifying Open Banking and Open Finance. Today, let’s dive into the unique risks and characteristics related to each financial sub-sector leading to a common question: to regulate or not to regulate?

 

Understanding Governance and Design

The architectural differences between each approach lie in whether participation is enforced, and if so, which entities are mandated to participate and what data must be shared. Additionally, differences arise in the development and enforcement of technical standards, as well as the functions permitted on accessed data in the provision of Open Banking or Open Finance products.

One of the primary distinctions between jurisdictions adopting Open Banking and/or Open Finance lies in their approach to implementation, which can range from legally enforced data-sharing and strict technical standards to a framework driven entirely by market forces.

While no single approach is universally superior, regulation-led frameworks have emerged to be particularly effective in empowering customers, enhancing data accessibility, and supporting new entrants and business models.

Both regulation-led and market-driven approaches have distinct benefits and drawbacks, and their success depends heavily on the unique conditions within each jurisdiction. However, the chosen approach ultimately depends on the specific circumstances within each jurisdiction, including what resources are scarce and what capabilities are abundant.

 

Five archetypes to regulation:

Regulation-led
  1. Mandated & Standardized Data Sharing: Refers to jurisdictions whose authorities mandate data holders to share customer’s data, upon the customer’s consent, with data users and stipulate the technical standards to be used for data sharing.
  2. Mandated Data Sharing: Refers to jurisdictions whose authorities mandate data holders to share customer’s data, upon the customer’s consent, with data users, but do not stipulate the technical standards to be used for data sharing.
  3. Standardized Data Sharing: Refers to jurisdictions where authorities do not mandate data holders to share customer data with data users upon the customer’s consent. However, if data holders choose to participate in data sharing, they are required to follow specified technical standards
Market-driven
  1. Guided Implementation: Lies between regulation-led and market-driven approaches. It refers to jurisdictions where authorities may issue API standards and/or best practices without enforcing strict adherence.
  2. Voluntary: Refers to jurisdictions where governments have largely let the market decide for itself, without any material government initiatives to support the development of Open Banking and Open Finance products and services.
open finance cambridge

Source: Cambridge Centre for Alternative Finance (CCAF)

 

Who are the data holders in scope?

Determining the entities within scope is a critical consideration for regulators when implementing a regulation-enforced participation approach. Depending on size and business entity of a data holder, different regulations may be applied to them or not. These data holders can be further classified into three distinct categories:

→ The largest Banks: This refers to a specific number of the largest banks, often based on factors such as market share or assets. This is the case of CMA9 in the UK.

→ All Banks: Every bank, regardless of size, must comply with Open Banking and Open Finance regulations like PSD2 across the European Union, ensuring uniform participation across the sector.

→ All Financial Institutions: This category includes not just banks, but all other financial service providers not mentioned in the above categories:

  • Payment Institutions
  • General Insurance
  • Savings & Investments
  • Mortgage Institutions
  • Customer Lending
  • Pension Institutions

The decision regarding which entities to include in the regulatory scope is often tied to the policy objective within each jurisdiction.

 

What are the data types in scope?

  1. Generic Services Data: Data on financial products available in the market.
  2. Transaction Data: Data that captures a customer’s financial activities across various accounts and services.
  3. Customer Data: These are personally identifiable attributes used for account opening and management, such as registration, KYC (Know Your Customer) and customer due diligence (CDD) data.

The choice of which data types to regulate is often influenced by their respective levels of risk and sensitivity, which vary significantly (API testing on non-sensible data – ATMs and products descriptions).

 

Data sharing in scope:

  • Allowed Data Types: For regulation-led jurisdictions, the concept of allowed data types is pivotal, as it defines the specific categories of data that regulators have deemed permissible for sharing under the Open Banking and Open Finance framework.
  • Live Data Types – Read Access: In this stage, institutions can share data with third parties, but access is restricted to viewing only.
  • Action Initiation – Write access: This stage enables modification of data. Institutions can initiate actions or updates, such as making payments, transferring funds or updating personal information, marking a complete transition to interactive data sharing.
open finance report

Source: CCAF

 

Read the full report here

 

 

Useful Resources See All
Press Release Six major banks in Luxembourg select LUXHUB as their VOP service provider
#PAYEE VERIFICATION PLATFORM
4min Read · 8 Apr 2025
Blog Why an Open Banking expert is the ideal partner for VOP
#Payee Verification Platform
3min Read · 6 Feb 2025
Press Release LUXHUB obtains ISO 27001 certification
2min Read · 13 Feb 2025
In the Media How FIDA opens unprecedented opportunities: 5 innovative and concrete use cases
2min Read · 25 Nov 2024